Update how_to_creating_and_making_a_QEMU_img.mkd

This commit is contained in:
Samson-W 2019-09-10 20:47:05 +08:00
parent d75c1accd8
commit 053fbf8267
1 changed files with 33 additions and 7 deletions

View File

@ -1,5 +1,9 @@
# How to creating and making a QEMU image of harbian-audit complianced Debian GNU/Linux 9 # How to creating and making a QEMU image of harbian-audit complianced Debian GNU/Linux 9
In the following context, deploy with the following name:
Network interface: eth0
username: harbian-audit
## Pre-work ## Pre-work
In the example below, the vul-manager visual tool will be used to remotely connect to the QEMU server for operation. In the example below, the vul-manager visual tool will be used to remotely connect to the QEMU server for operation.
@ -63,6 +67,9 @@ root@harbian:/opt/harbian-audit-master# bash bin/hardening.sh --init
root@harbian:/opt/harbian-audit-master# ./bin/hardening.sh --audit-all root@harbian:/opt/harbian-audit-master# ./bin/hardening.sh --audit-all
root@harbian:/opt/harbian-audit-master# ./bin/hardening.sh --set-hardening-level 5 root@harbian:/opt/harbian-audit-master# ./bin/hardening.sh --set-hardening-level 5
root@harbian:/opt/harbian-audit-master# sed -i 's/^status=.*/status=disabled/' etc/conf.d/7.4.4_hosts_deny.cfg root@harbian:/opt/harbian-audit-master# sed -i 's/^status=.*/status=disabled/' etc/conf.d/7.4.4_hosts_deny.cfg
root@harbian:/opt/harbian-audit-master# sed -i 's/^status=.*/status=disabled/' etc/conf.d/8.1.32_freeze_auditd_conf.cfg
root@harbian:/opt/harbian-audit-master# sed -i 's/^status=.*/status=disabled/' etc/conf.d/8.4.1_install_aide.cfg
root@harbian:/opt/harbian-audit-master# sed -i 's/^status=.*/status=disabled/' etc/conf.d/8.4.2_aide_cron.cfg
root@harbian:/opt/harbian-audit-master# ./bin/hardening.sh --apply root@harbian:/opt/harbian-audit-master# ./bin/hardening.sh --apply
root@harbian:/opt/harbian-audit-master# sed -i "/^root/a\harbian-audit ALL=(ALL:ALL) ALL" /etc/sudoers root@harbian:/opt/harbian-audit-master# sed -i "/^root/a\harbian-audit ALL=(ALL:ALL) ALL" /etc/sudoers
root@harbian:/opt/harbian-audit-master# reboot root@harbian:/opt/harbian-audit-master# reboot
@ -70,7 +77,7 @@ root@harbian:/opt/harbian-audit-master# reboot
After reboot: After reboot:
``` ```
harbian-audit@harbian:/opt/harbian-audit-master$ sudo bash ./docs/configurations/etc.iptables.rules.v4.sh harbian-audit@harbian:/opt/harbian-audit-master$ sudo bash ./docs/configurations/etc.iptables.rules.v4.sh eth0
harbian-audit@harbian:/opt/harbian-audit-master$ sudo -s harbian-audit@harbian:/opt/harbian-audit-master$ sudo -s
root@harbian:/opt/harbian-audit-master# iptables-save > /etc/iptables/rules.v4 root@harbian:/opt/harbian-audit-master# iptables-save > /etc/iptables/rules.v4
root@harbian:/opt/harbian-audit-master# ip6tables-save > /etc/iptables/rules.v6 root@harbian:/opt/harbian-audit-master# ip6tables-save > /etc/iptables/rules.v6
@ -85,7 +92,7 @@ $ sudo sed -i "s/Debian GNU\/Linux 9/harbian-audit complianced for Debian GNU\/L
### Set grub passwd ### Set grub passwd
superusers: harbiansuper superusers: harbiansuper
passwd: harbian_AUDIT,09)( passwd: harbian_AUDIT,09!)
Related how to config grub2 password protection, please reference: Related how to config grub2 password protection, please reference:
[how_to_config_grub2_password_protection.mkd](https://github.com/hardenedlinux/harbian-audit/blob/master/docs/configurations/manual-operation-docs/how_to_config_grub2_password_protection.mkd) [how_to_config_grub2_password_protection.mkd](https://github.com/hardenedlinux/harbian-audit/blob/master/docs/configurations/manual-operation-docs/how_to_config_grub2_password_protection.mkd)
@ -103,16 +110,30 @@ If need adds a project on AMI, add the project on such as /opt, /usr/local/bin d
### Clean up ### Clean up
#### Uninstall
```
$ sudo apt-get purge --autoremove unzip -y
```
#### Clean harbian-audit temp file and conf #### Clean harbian-audit temp file and conf
``` ```
$ sudo rm /opt/master.zip $ sudo rm /opt/master.zip
$ sudo rm /opt/harbian-audit-master/tmp/backups/* $ sudo rm /opt/harbian-audit-master/tmp/backups/*
$ sudo rm /opt/harbian-audit-master/etc/conf.d/*.cfg $ cd /opt/harbian-audit-master/etc/conf.d
$ sudo rm -f !(8.1.32_freeze_auditd_conf.cfg|8.4.1_install_aide.cfg|8.4.2_aide_cron.cfg)
``` ```
#### AIDE RE-INIT #### Final fix
``` ```
$ sudo aideinit -y -f $ cd /opt/harbian-audit-master
$ sudo sed -i 's/^status=.*/status=enabled/' etc/conf.d/8.1.32_freeze_auditd_conf.cfg
$ sudo sed -i 's/^status=.*/status=enabled/' etc/conf.d/8.4.1_install_aide.cfg
$ sudo sed -i 's/^status=.*/status=enabled/' etc/conf.d/8.4.2_aide_cron.cfg
$ sudo bash bin/hardening.sh --apply --only 8.1.32
$ sudo bash bin/hardening.sh --apply --only 8.4.1
$ sudo bash bin/hardening.sh --apply --only 8.4.2
$ sudo rm /opt/harbian-audit-master/tmp/backups/*
$ sudo rm /opt/harbian-audit-master/etc/conf.d/*
``` ```
#### Clear the current log #### Clear the current log
@ -145,6 +166,11 @@ $ history -cw
$ sudo poweroff $ sudo poweroff
``` ```
#### AIDE RE-INIT
```
$ sudo aideinit -y -f
```
## sign QEMU image ## sign QEMU image
ssh to QEMU server, find QEMU image dir, sign the QEMU image: ssh to QEMU server, find QEMU image dir, sign the QEMU image:
``` ```